From d92663db3d4cd106fe464e305a52196e2f863ade Mon Sep 17 00:00:00 2001 From: Xia Zhao Date: Thu, 17 Oct 2024 16:14:46 -0700 Subject: [PATCH 1/3] fix ecs run task policy for sfn --- .../test/ecs/integ.ec2-run-task.ts | 3 ++- .../test/ecs/integ.fargate-run-task.ts | 3 ++- .../lib/ecs/run-task.ts | 16 ++++++++++++++- packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md | 20 ++++++++++++++++++- packages/aws-cdk-lib/cx-api/lib/features.ts | 15 ++++++++++++++ 5 files changed, 53 insertions(+), 4 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.ts index 05cb571dbd3d7..3c374a583984d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.ts @@ -4,7 +4,7 @@ import * as ecs from 'aws-cdk-lib/aws-ecs'; import * as sfn from 'aws-cdk-lib/aws-stepfunctions'; import * as cdk from 'aws-cdk-lib'; import * as tasks from 'aws-cdk-lib/aws-stepfunctions-tasks'; -import { EC2_RESTRICT_DEFAULT_SECURITY_GROUP } from 'aws-cdk-lib/cx-api'; +import { EC2_RESTRICT_DEFAULT_SECURITY_GROUP, STEPFUNCTIONS_TASKS_FIX_RUN_ECS_TASK_POLICY } from 'aws-cdk-lib/cx-api'; import { IntegTest } from '@aws-cdk/integ-tests-alpha'; /* @@ -20,6 +20,7 @@ import { IntegTest } from '@aws-cdk/integ-tests-alpha'; const app = new cdk.App(); const stack = new cdk.Stack(app, 'aws-sfn-tasks-ecs-run-task'); stack.node.setContext(EC2_RESTRICT_DEFAULT_SECURITY_GROUP, false); +stack.node.setContext(STEPFUNCTIONS_TASKS_FIX_RUN_ECS_TASK_POLICY, false); const cluster = new ecs.Cluster(stack, 'Ec2Cluster'); cluster.addCapacity('DefaultAutoScalingGroup', { 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.ts index 8d5ff62afe5e9..a71b646378dd5 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.ts @@ -3,7 +3,7 @@ import * as ecs from 'aws-cdk-lib/aws-ecs'; import * as sfn from 'aws-cdk-lib/aws-stepfunctions'; import * as cdk from 'aws-cdk-lib'; import * as tasks from 'aws-cdk-lib/aws-stepfunctions-tasks'; -import { EC2_RESTRICT_DEFAULT_SECURITY_GROUP } from 'aws-cdk-lib/cx-api'; +import { EC2_RESTRICT_DEFAULT_SECURITY_GROUP, STEPFUNCTIONS_TASKS_FIX_RUN_ECS_TASK_POLICY } from 'aws-cdk-lib/cx-api'; import { IntegTest } from '@aws-cdk/integ-tests-alpha'; /* @@ -19,6 +19,7 @@ import { IntegTest } from '@aws-cdk/integ-tests-alpha'; const app = new cdk.App(); const stack = new cdk.Stack(app, 'aws-sfn-tasks-ecs-fargate-run-task'); stack.node.setContext(EC2_RESTRICT_DEFAULT_SECURITY_GROUP, false); +stack.node.setContext(STEPFUNCTIONS_TASKS_FIX_RUN_ECS_TASK_POLICY, false); const cluster = new ecs.Cluster(stack, 'FargateCluster'); diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/ecs/run-task.ts b/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/ecs/run-task.ts index caae28c6d891c..9c07a6d8a11e6 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/ecs/run-task.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/ecs/run-task.ts 
@@ -5,6 +5,7 @@ import * as ecs from '../../../aws-ecs'; import * as iam from '../../../aws-iam'; import * as sfn from '../../../aws-stepfunctions'; import * as cdk from '../../../core'; +import { STEPFUNCTIONS_TASKS_FIX_RUN_ECS_TASK_POLICY } from '../../../cx-api'; import { integrationResourceArn, validatePatternSupported } from '../private/task-utils'; /** @@ -368,7 +369,7 @@ export class EcsRunTask extends sfn.TaskStateBase implements ec2.IConnectable { const policyStatements = [ new iam.PolicyStatement({ actions: ['ecs:RunTask'], - resources: [`${this.getTaskDefinitionFamilyArn()}:*`], + resources: [cdk.FeatureFlags.of(this).isEnabled(STEPFUNCTIONS_TASKS_FIX_RUN_ECS_TASK_POLICY) ? this.getTaskDefinitionArn() : this.getTaskDefinitionFamilyArn() + ':*'], }), new iam.PolicyStatement({ actions: ['ecs:StopTask', 'ecs:DescribeTasks'], @@ -398,6 +399,19 @@ export class EcsRunTask extends sfn.TaskStateBase implements ec2.IConnectable { return policyStatements; } + private getTaskDefinitionArn(): string { + const tastDefinitionArn = this.props.taskDefinition.taskDefinitionArn; + let needsRevisionWildcard = false; + // Check if there is a taskdefinition revision + // (arn will end with : followed by digits) included in the arn already + if (!cdk.Token.isUnresolved(tastDefinitionArn)) { + const revisionAtEndPattern = /:[0-9]+$/; + const hasRevision = revisionAtEndPattern.test(tastDefinitionArn); + needsRevisionWildcard = !hasRevision; + } + return tastDefinitionArn + needsRevisionWildcard ? ':*' : ''; + } + /** * Returns the ARN of the task definition family by removing the * revision from the task definition ARN diff --git a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md index c070f4add53e6..70d1a8ba65fb8 100644 --- a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md +++ b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md 
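Review bot: The return in the new `getTaskDefinitionArn()` parses as `(tastDefinitionArn + needsRevisionWildcard) ? ':*' : ''` because `+` binds tighter than `?:`, and since the concatenated string is never empty the method always returns the bare string `':*'`. With the flag enabled, the `ecs:RunTask` statement changed in the `-368` hunk (its enclosing method starts outside the hunk) would carry `:*` as its resource instead of the task definition ARN, so the state machine role would presumably be unable to run the task. The return should read `return needsRevisionWildcard ? taskDefinitionArn + ':*' : taskDefinitionArn;`, with the local renamed from `tastDefinitionArn`. No unit test is visible in this patch; one asserting the synthesized `Resource` for an in-stack task definition and for an imported ARN with and without a revision would catch this.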
@@ -79,6 +79,7 @@ Flags come in three types: | [@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages](#aws-cdkaws-lambda-nodejssdkv3excludesmithypackages) | When enabled, both `@aws-sdk` and `@smithy` packages will be excluded from the Lambda Node.js 18.x runtime to prevent version mismatches in bundled applications. | 2.161.0 | (fix) | | [@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId](#aws-cdkaws-rdssetcorrectvaluefordatabaseinstancereadreplicainstanceresourceid) | When enabled, the value of property `instanceResourceId` in construct `DatabaseInstanceReadReplica` will be set to the correct value which is `DbiResourceId` instead of currently `DbInstanceArn` | 2.161.0 | (fix) | | [@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics](#aws-cdkcorecfnincluderejectcomplexresourceupdatecreatepolicyintrinsics) | When enabled, CFN templates added with `cfn-include` will error if the template contains Resource Update or Create policies with CFN Intrinsics that include non-primitive values. | 2.161.0 | (fix) | +| [@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy](#aws-cdkaws-stepfunctions-tasksfixrunecstaskpolicy) | When enabled, the resource of IAM Run Ecs policy generated by SFN EcsRunTask will reference the definition, instead of constructing ARN. | V2NEXT | (fix) | @@ -146,7 +147,8 @@ The following json shows the current recommended set of flags, as `cdk init` wou "@aws-cdk/aws-appsync:appSyncGraphQLAPIScopeLambdaPermission": true, "@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId": true, "@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics": true, - "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": true + "@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages": true, + "@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy": true } } ``` 
@@ -1491,4 +1493,20 @@ Enabling this feature flag will make `cfn-include` throw on these templates, unl | 2.161.0 | `false` | `true` | +### @aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy + +*When enabled, the resource of IAM Run Ecs policy generated by SFN EcsRunTask will reference the definition, instead of constructing ARN.* (fix) + +Currently, in the IAM Run Ecs policy generated by SFN EcsRunTask(), CDK will construct the ARN with wildcard attached at the end. +The revision number at the end will be replaced with a wildcard which it shouldn't. + +When this feature flag is enabled, if the task definition is created in the stack, the 'Resource' section will 'Ref' the taskDefinition. + + +| Since | Default | Recommended | +| ----- | ----- | ----- | +| (not in v1) | | | +| V2NEXT | `false` | `true` | + + diff --git a/packages/aws-cdk-lib/cx-api/lib/features.ts b/packages/aws-cdk-lib/cx-api/lib/features.ts index 5ea7db464b326..bbdf865b7627a 100644 --- a/packages/aws-cdk-lib/cx-api/lib/features.ts +++ b/packages/aws-cdk-lib/cx-api/lib/features.ts @@ -113,6 +113,7 @@ export const APPSYNC_GRAPHQLAPI_SCOPE_LAMBDA_FUNCTION_PERMISSION = '@aws-cdk/aws export const USE_CORRECT_VALUE_FOR_INSTANCE_RESOURCE_ID_PROPERTY = '@aws-cdk/aws-rds:setCorrectValueForDatabaseInstanceReadReplicaInstanceResourceId'; export const CFN_INCLUDE_REJECT_COMPLEX_RESOURCE_UPDATE_CREATE_POLICY_INTRINSICS = '@aws-cdk/core:cfnIncludeRejectComplexResourceUpdateCreatePolicyIntrinsics'; export const LAMBDA_NODEJS_SDK_V3_EXCLUDE_SMITHY_PACKAGES = '@aws-cdk/aws-lambda-nodejs:sdkV3ExcludeSmithyPackages'; +export const STEPFUNCTIONS_TASKS_FIX_RUN_ECS_TASK_POLICY = '@aws-cdk/aws-stepfunctions-tasks:fixRunEcsTaskPolicy'; export const FLAGS: Record = { ////////////////////////////////////////////////////////////////////// 
@@ -1219,6 +1220,20 @@ export const FLAGS: Record = { introducedIn: { v2: '2.161.0' }, recommendedValue: true, }, + + ////////////////////////////////////////////////////////////////////// + [STEPFUNCTIONS_TASKS_FIX_RUN_ECS_TASK_POLICY]: { + type: FlagType.BugFix, + summary: 'When enabled, the resource of IAM Run Ecs policy generated by SFN EcsRunTask will reference the definition, instead of constructing ARN.', + detailsMd: ` + Currently, in the IAM Run Ecs policy generated by SFN EcsRunTask(), CDK will construct the ARN with wildcard attached at the end. + The revision number at the end will be replaced with a wildcard which it shouldn't. + + When this feature flag is enabled, if the task definition is created in the stack, the 'Resource' section will 'Ref' the taskDefinition. + `, + introducedIn: { v2: 'V2NEXT' }, + recommendedValue: true, + }, }; const CURRENT_MV = 'v2'; From da6ac5ca64351647ea9861e4c9141ed7ef3a393f Mon Sep 17 00:00:00 2001 
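Review bot: The `detailsMd` added for `STEPFUNCTIONS_TASKS_FIX_RUN_ECS_TASK_POLICY` covers only a task definition created in the stack and never states the permission change itself, namely that `ecs:RunTask` is granted on the referenced task definition instead of on every revision of the family. I would add a sentence on that narrowing, plus one for the other branch that `getTaskDefinitionArn()` in run-task.ts is written to handle, for example `A task definition ARN given without a revision still gets ':*' appended.` Users who register revisions outside the stack will presumably see RunTask denied for those revisions after enabling the flag, so the scope change is worth spelling out. The same text appears in the FEATURE_FLAGS.md hunk and should change with it; the `FLAGS` record itself starts outside this hunk.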
From: Xia Zhao Date: Thu, 17 Oct 2024 16:22:44 -0700 Subject: [PATCH 2/3] add integration test --- ...efaultTestDeployAssert2569343D.assets.json | 19 + ...aultTestDeployAssert2569343D.template.json | 36 + .../Dockerfile | 3 + .../index.py | 5 + ...s-run-task-ref-task-definition.assets.json | 32 + ...run-task-ref-task-definition.template.json | 1296 ++++++++++ .../cdk.out | 1 + .../integ.json | 12 + .../manifest.json | 391 +++ .../tree.json | 2110 +++++++++++++++++ .../ecs/integ.ec2-run-task-ref-definition.ts | 53 + 11 files changed, 3958 insertions(+) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/SfnTasksEcsEc2RunTaskTestDefaultTestDeployAssert2569343D.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/SfnTasksEcsEc2RunTaskTestDefaultTestDeployAssert2569343D.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/asset.d87af9b5acc567118fa529d3d3b763098200a6446a5ca64aea987729efd52534/Dockerfile create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/asset.d87af9b5acc567118fa529d3d3b763098200a6446a5ca64aea987729efd52534/index.py create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/aws-sfn-tasks-ecs-run-task-ref-task-definition.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/aws-sfn-tasks-ecs-run-task-ref-task-definition.template.json create mode 100644 
packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/SfnTasksEcsEc2RunTaskTestDefaultTestDeployAssert2569343D.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/SfnTasksEcsEc2RunTaskTestDefaultTestDeployAssert2569343D.assets.json new file mode 100644 index 0000000000000..38b1294146007 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/SfnTasksEcsEc2RunTaskTestDefaultTestDeployAssert2569343D.assets.json 
@@ -0,0 +1,19 @@ +{ + "version": "38.0.1", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "SfnTasksEcsEc2RunTaskTestDefaultTestDeployAssert2569343D.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/SfnTasksEcsEc2RunTaskTestDefaultTestDeployAssert2569343D.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/SfnTasksEcsEc2RunTaskTestDefaultTestDeployAssert2569343D.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/SfnTasksEcsEc2RunTaskTestDefaultTestDeployAssert2569343D.template.json 
@@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/asset.d87af9b5acc567118fa529d3d3b763098200a6446a5ca64aea987729efd52534/Dockerfile b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/asset.d87af9b5acc567118fa529d3d3b763098200a6446a5ca64aea987729efd52534/Dockerfile new file mode 100644 index 0000000000000..23cf9b3e22f5d --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/asset.d87af9b5acc567118fa529d3d3b763098200a6446a5ca64aea987729efd52534/Dockerfile @@ -0,0 +1,3 @@ +FROM public.ecr.aws/docker/library/python:3.12 +ADD index.py . +CMD [ "python3", "./index.py" ] 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/asset.d87af9b5acc567118fa529d3d3b763098200a6446a5ca64aea987729efd52534/index.py b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/asset.d87af9b5acc567118fa529d3d3b763098200a6446a5ca64aea987729efd52534/index.py new file mode 100644 index 0000000000000..730f1be5ad06e --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/asset.d87af9b5acc567118fa529d3d3b763098200a6446a5ca64aea987729efd52534/index.py @@ -0,0 +1,5 @@ +import os +import pprint + +print('Hello from ECS!') +pprint.pprint(dict(os.environ)) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/aws-sfn-tasks-ecs-run-task-ref-task-definition.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/aws-sfn-tasks-ecs-run-task-ref-task-definition.assets.json new file mode 100644 index 0000000000000..349582502b090 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/aws-sfn-tasks-ecs-run-task-ref-task-definition.assets.json 
@@ -0,0 +1,32 @@ +{ + "version": "38.0.1", + "files": { + "a04c65eb154cc930d6f8ea8a3d18f4216f96457a1d86647792aa47f6e2cecbe7": { + "source": { + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "a04c65eb154cc930d6f8ea8a3d18f4216f96457a1d86647792aa47f6e2cecbe7.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": { + "d87af9b5acc567118fa529d3d3b763098200a6446a5ca64aea987729efd52534": { + "source": { + "directory": "asset.d87af9b5acc567118fa529d3d3b763098200a6446a5ca64aea987729efd52534" + }, + "destinations": { + "current_account-current_region": { + "repositoryName": "cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}", + "imageTag": "d87af9b5acc567118fa529d3d3b763098200a6446a5ca64aea987729efd52534", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-image-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/aws-sfn-tasks-ecs-run-task-ref-task-definition.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/aws-sfn-tasks-ecs-run-task-ref-task-definition.template.json new file mode 100644 index 0000000000000..7cce5cb92eb14 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/aws-sfn-tasks-ecs-run-task-ref-task-definition.template.json 
@@ -0,0 +1,1296 @@ +{ + "Resources": { + "Ec2ClusterEE43E89D": { + "Type": "AWS::ECS::Cluster" + }, + "Ec2ClusterVpc568127F1": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc" + } + ] + } + }, + "Ec2ClusterVpcPublicSubnet1SubnetD46FD92B": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + } + } + }, + "Ec2ClusterVpcPublicSubnet1RouteTableE30610F5": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + } + } + }, + "Ec2ClusterVpcPublicSubnet1RouteTableAssociation9C78F646": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "Ec2ClusterVpcPublicSubnet1RouteTableE30610F5" + }, + "SubnetId": { + "Ref": "Ec2ClusterVpcPublicSubnet1SubnetD46FD92B" + } + } + }, + "Ec2ClusterVpcPublicSubnet1DefaultRouteC7FBE273": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "Ec2ClusterVpcIGW605638EB" + }, + "RouteTableId": { + "Ref": "Ec2ClusterVpcPublicSubnet1RouteTableE30610F5" + } + }, + "DependsOn": [ + "Ec2ClusterVpcVPCGW24F3B413" + ] + }, + "Ec2ClusterVpcPublicSubnet1EIPD4B5D142": { + "Type": "AWS::EC2::EIP", + "Properties": { + 
"Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet1" + } + ] + } + }, + "Ec2ClusterVpcPublicSubnet1NATGateway79A8A839": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "Ec2ClusterVpcPublicSubnet1EIPD4B5D142", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "Ec2ClusterVpcPublicSubnet1SubnetD46FD92B" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet1" + } + ] + }, + "DependsOn": [ + "Ec2ClusterVpcPublicSubnet1DefaultRouteC7FBE273", + "Ec2ClusterVpcPublicSubnet1RouteTableAssociation9C78F646" + ] + }, + "Ec2ClusterVpcPublicSubnet2Subnet207D9E5E": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + } + } + }, + "Ec2ClusterVpcPublicSubnet2RouteTable44A09188": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + } + } + }, + "Ec2ClusterVpcPublicSubnet2RouteTableAssociation7615C6B2": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "Ec2ClusterVpcPublicSubnet2RouteTable44A09188" + }, + "SubnetId": { + "Ref": "Ec2ClusterVpcPublicSubnet2Subnet207D9E5E" + } + } + }, + "Ec2ClusterVpcPublicSubnet2DefaultRouteEBA52256": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + 
"GatewayId": { + "Ref": "Ec2ClusterVpcIGW605638EB" + }, + "RouteTableId": { + "Ref": "Ec2ClusterVpcPublicSubnet2RouteTable44A09188" + } + }, + "DependsOn": [ + "Ec2ClusterVpcVPCGW24F3B413" + ] + }, + "Ec2ClusterVpcPublicSubnet2EIP921925E6": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet2" + } + ] + } + }, + "Ec2ClusterVpcPublicSubnet2NATGateway302F96C0": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "Ec2ClusterVpcPublicSubnet2EIP921925E6", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "Ec2ClusterVpcPublicSubnet2Subnet207D9E5E" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet2" + } + ] + }, + "DependsOn": [ + "Ec2ClusterVpcPublicSubnet2DefaultRouteEBA52256", + "Ec2ClusterVpcPublicSubnet2RouteTableAssociation7615C6B2" + ] + }, + "Ec2ClusterVpcPrivateSubnet1Subnet0AE9B91E": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + } + } + }, + "Ec2ClusterVpcPrivateSubnet1RouteTable50D391D1": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + } + } + }, + "Ec2ClusterVpcPrivateSubnet1RouteTableAssociation1043DBDA": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + 
"RouteTableId": { + "Ref": "Ec2ClusterVpcPrivateSubnet1RouteTable50D391D1" + }, + "SubnetId": { + "Ref": "Ec2ClusterVpcPrivateSubnet1Subnet0AE9B91E" + } + } + }, + "Ec2ClusterVpcPrivateSubnet1DefaultRouteD31A76F0": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "Ec2ClusterVpcPublicSubnet1NATGateway79A8A839" + }, + "RouteTableId": { + "Ref": "Ec2ClusterVpcPrivateSubnet1RouteTable50D391D1" + } + } + }, + "Ec2ClusterVpcPrivateSubnet2Subnet16B68C19": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + } + } + }, + "Ec2ClusterVpcPrivateSubnet2RouteTable22B9DAE6": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + } + } + }, + "Ec2ClusterVpcPrivateSubnet2RouteTableAssociation3AFD70F4": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "Ec2ClusterVpcPrivateSubnet2RouteTable22B9DAE6" + }, + "SubnetId": { + "Ref": "Ec2ClusterVpcPrivateSubnet2Subnet16B68C19" + } + } + }, + "Ec2ClusterVpcPrivateSubnet2DefaultRoute22B3073E": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "Ec2ClusterVpcPublicSubnet2NATGateway302F96C0" + }, + "RouteTableId": { + "Ref": "Ec2ClusterVpcPrivateSubnet2RouteTable22B9DAE6" + } + } + }, + "Ec2ClusterVpcIGW605638EB": { + "Type": 
"AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc" + } + ] + } + }, + "Ec2ClusterVpcVPCGW24F3B413": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Ref": "Ec2ClusterVpcIGW605638EB" + }, + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + } + } + }, + "Ec2ClusterDefaultAutoScalingGroupInstanceSecurityGroup149B0A9E": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/InstanceSecurityGroup", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup" + } + ], + "VpcId": { + "Ref": "Ec2ClusterVpc568127F1" + } + } + }, + "Ec2ClusterDefaultAutoScalingGroupInstanceRole73D80898": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup" + } + ] + } + }, + "Ec2ClusterDefaultAutoScalingGroupInstanceRoleDefaultPolicy6D2DC2FD": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "ecs:DeregisterContainerInstance", + "ecs:RegisterContainerInstance", + "ecs:Submit*" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "Ec2ClusterEE43E89D", + "Arn" + ] + } + }, + { + "Action": [ + "ecs:Poll", + "ecs:StartTelemetrySession" + ], + "Condition": { + "ArnEquals": { + "ecs:cluster": { + "Fn::GetAtt": [ + "Ec2ClusterEE43E89D", + "Arn" + ] + } + } + }, + 
"Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ecr:GetAuthorizationToken", + "ecs:DiscoverPollEndpoint", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "Ec2ClusterDefaultAutoScalingGroupInstanceRoleDefaultPolicy6D2DC2FD", + "Roles": [ + { + "Ref": "Ec2ClusterDefaultAutoScalingGroupInstanceRole73D80898" + } + ] + } + }, + "Ec2ClusterDefaultAutoScalingGroupInstanceProfileDB232471": { + "Type": "AWS::IAM::InstanceProfile", + "Properties": { + "Roles": [ + { + "Ref": "Ec2ClusterDefaultAutoScalingGroupInstanceRole73D80898" + } + ] + } + }, + "Ec2ClusterDefaultAutoScalingGroupLaunchTemplate346F58BE": { + "Type": "AWS::EC2::LaunchTemplate", + "Properties": { + "LaunchTemplateData": { + "IamInstanceProfile": { + "Arn": { + "Fn::GetAtt": [ + "Ec2ClusterDefaultAutoScalingGroupInstanceProfileDB232471", + "Arn" + ] + } + }, + "ImageId": { + "Ref": "SsmParameterValueawsserviceecsoptimizedamiamazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter" + }, + "InstanceType": "t2.micro", + "Monitoring": { + "Enabled": false + }, + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "Ec2ClusterDefaultAutoScalingGroupInstanceSecurityGroup149B0A9E", + "GroupId" + ] + } + ], + "TagSpecifications": [ + { + "ResourceType": "instance", + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/LaunchTemplate" + } + ] + }, + { + "ResourceType": "volume", + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/LaunchTemplate" + } + ] + } + ], + "UserData": { + "Fn::Base64": { + "Fn::Join": [ + "", + [ + "#!/bin/bash\necho ECS_CLUSTER=", + { + "Ref": "Ec2ClusterEE43E89D" + }, + " >> /etc/ecs/ecs.config\nsudo iptables --insert FORWARD 1 --in-interface docker+ --destination 169.254.169.254/32 --jump DROP\nsudo service iptables 
save\necho ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config" + ] + ] + } + } + }, + "TagSpecifications": [ + { + "ResourceType": "launch-template", + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/LaunchTemplate" + } + ] + } + ] + }, + "DependsOn": [ + "Ec2ClusterDefaultAutoScalingGroupInstanceRoleDefaultPolicy6D2DC2FD", + "Ec2ClusterDefaultAutoScalingGroupInstanceRole73D80898" + ] + }, + "Ec2ClusterDefaultAutoScalingGroupASGC5A6D4C0": { + "Type": "AWS::AutoScaling::AutoScalingGroup", + "Properties": { + "LaunchTemplate": { + "LaunchTemplateId": { + "Ref": "Ec2ClusterDefaultAutoScalingGroupLaunchTemplate346F58BE" + }, + "Version": { + "Fn::GetAtt": [ + "Ec2ClusterDefaultAutoScalingGroupLaunchTemplate346F58BE", + "LatestVersionNumber" + ] + } + }, + "MaxSize": "1", + "MinSize": "1", + "Tags": [ + { + "Key": "Name", + "PropagateAtLaunch": true, + "Value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup" + } + ], + "VPCZoneIdentifier": [ + { + "Ref": "Ec2ClusterVpcPublicSubnet1SubnetD46FD92B" + }, + { + "Ref": "Ec2ClusterVpcPublicSubnet2Subnet207D9E5E" + } + ] + }, + "UpdatePolicy": { + "AutoScalingReplacingUpdate": { + "WillReplace": true + }, + "AutoScalingScheduledAction": { + "IgnoreUnmodifiedGroupSizeProperties": true + } + } + }, + "Ec2ClusterDefaultAutoScalingGroupDrainECSHookFunctionServiceRole23116FA3": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ], + "Tags": [ + { + "Key": "Name", + "Value": 
"aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup" + } + ] + } + }, + "Ec2ClusterDefaultAutoScalingGroupDrainECSHookFunctionServiceRoleDefaultPolicy638C9E33": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "ec2:DescribeHosts", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstanceStatus", + "ec2:DescribeInstances" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":autoscaling:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":autoScalingGroup:*:autoScalingGroupName/", + { + "Ref": "Ec2ClusterDefaultAutoScalingGroupASGC5A6D4C0" + } + ] + ] + } + }, + { + "Action": [ + "ecs:DescribeContainerInstances", + "ecs:DescribeTasks", + "ecs:ListTasks", + "ecs:UpdateContainerInstancesState" + ], + "Condition": { + "ArnEquals": { + "ecs:cluster": { + "Fn::GetAtt": [ + "Ec2ClusterEE43E89D", + "Arn" + ] + } + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ecs:ListContainerInstances", + "ecs:SubmitContainerStateChange", + "ecs:SubmitTaskStateChange" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "Ec2ClusterEE43E89D", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "Ec2ClusterDefaultAutoScalingGroupDrainECSHookFunctionServiceRoleDefaultPolicy638C9E33", + "Roles": [ + { + "Ref": "Ec2ClusterDefaultAutoScalingGroupDrainECSHookFunctionServiceRole23116FA3" + } + ] + } + }, + "Ec2ClusterDefaultAutoScalingGroupDrainECSHookFunctionE0DEFB31": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "import boto3, json, os, time\n\necs = boto3.client('ecs')\nautoscaling = boto3.client('autoscaling')\n\n\ndef lambda_handler(event, context):\n print(json.dumps(dict(event, ResponseURL='...')))\n cluster = 
os.environ['CLUSTER']\n snsTopicArn = event['Records'][0]['Sns']['TopicArn']\n lifecycle_event = json.loads(event['Records'][0]['Sns']['Message'])\n instance_id = lifecycle_event.get('EC2InstanceId')\n if not instance_id:\n print('Got event without EC2InstanceId: %s', json.dumps(dict(event, ResponseURL='...')))\n return\n\n instance_arn = container_instance_arn(cluster, instance_id)\n print('Instance %s has container instance ARN %s' % (lifecycle_event['EC2InstanceId'], instance_arn))\n\n if not instance_arn:\n return\n\n task_arns = container_instance_task_arns(cluster, instance_arn)\n\n if task_arns:\n print('Instance ARN %s has task ARNs %s' % (instance_arn, ', '.join(task_arns)))\n\n while has_tasks(cluster, instance_arn, task_arns):\n time.sleep(10)\n\n try:\n print('Terminating instance %s' % instance_id)\n autoscaling.complete_lifecycle_action(\n LifecycleActionResult='CONTINUE',\n **pick(lifecycle_event, 'LifecycleHookName', 'LifecycleActionToken', 'AutoScalingGroupName'))\n except Exception as e:\n # Lifecycle action may have already completed.\n print(str(e))\n\n\ndef container_instance_arn(cluster, instance_id):\n \"\"\"Turn an instance ID into a container instance ARN.\"\"\"\n arns = ecs.list_container_instances(cluster=cluster, filter='ec2InstanceId==' + instance_id)['containerInstanceArns']\n if not arns:\n return None\n return arns[0]\n\ndef container_instance_task_arns(cluster, instance_arn):\n \"\"\"Fetch tasks for a container instance ARN.\"\"\"\n arns = ecs.list_tasks(cluster=cluster, containerInstance=instance_arn)['taskArns']\n return arns\n\ndef has_tasks(cluster, instance_arn, task_arns):\n \"\"\"Return True if the instance is running tasks for the given cluster.\"\"\"\n instances = ecs.describe_container_instances(cluster=cluster, containerInstances=[instance_arn])['containerInstances']\n if not instances:\n return False\n instance = instances[0]\n\n if instance['status'] == 'ACTIVE':\n # Start draining, then try again later\n 
set_container_instance_to_draining(cluster, instance_arn)\n return True\n\n task_count = None\n\n if task_arns:\n # Fetch details for tasks running on the container instance\n tasks = ecs.describe_tasks(cluster=cluster, tasks=task_arns)['tasks']\n if tasks:\n # Consider any non-stopped tasks as running\n task_count = sum(task['lastStatus'] != 'STOPPED' for task in tasks) + instance['pendingTasksCount']\n\n if not task_count:\n # Fallback to instance task counts if detailed task information is unavailable\n task_count = instance['runningTasksCount'] + instance['pendingTasksCount']\n\n print('Instance %s has %s tasks' % (instance_arn, task_count))\n\n return task_count > 0\n\ndef set_container_instance_to_draining(cluster, instance_arn):\n ecs.update_container_instances_state(\n cluster=cluster,\n containerInstances=[instance_arn], status='DRAINING')\n\n\ndef pick(dct, *keys):\n \"\"\"Pick a subset of a dict.\"\"\"\n return {k: v for k, v in dct.items() if k in keys}\n" + }, + "Environment": { + "Variables": { + "CLUSTER": { + "Ref": "Ec2ClusterEE43E89D" + } + } + }, + "Handler": "index.lambda_handler", + "Role": { + "Fn::GetAtt": [ + "Ec2ClusterDefaultAutoScalingGroupDrainECSHookFunctionServiceRole23116FA3", + "Arn" + ] + }, + "Runtime": "python3.9", + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup" + } + ], + "Timeout": 310 + }, + "DependsOn": [ + "Ec2ClusterDefaultAutoScalingGroupDrainECSHookFunctionServiceRoleDefaultPolicy638C9E33", + "Ec2ClusterDefaultAutoScalingGroupDrainECSHookFunctionServiceRole23116FA3" + ] + }, + "Ec2ClusterDefaultAutoScalingGroupDrainECSHookFunctionAllowInvokeawssfntasksecsruntaskreftaskdefinitionEc2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopic31C4EDE486F3D901": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + 
"Ec2ClusterDefaultAutoScalingGroupDrainECSHookFunctionE0DEFB31", + "Arn" + ] + }, + "Principal": "sns.amazonaws.com", + "SourceArn": { + "Ref": "Ec2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicF7263B30" + } + } + }, + "Ec2ClusterDefaultAutoScalingGroupDrainECSHookFunctionTopic4795E0F6": { + "Type": "AWS::SNS::Subscription", + "Properties": { + "Endpoint": { + "Fn::GetAtt": [ + "Ec2ClusterDefaultAutoScalingGroupDrainECSHookFunctionE0DEFB31", + "Arn" + ] + }, + "Protocol": "lambda", + "TopicArn": { + "Ref": "Ec2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicF7263B30" + } + } + }, + "Ec2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicF7263B30": { + "Type": "AWS::SNS::Topic", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup" + } + ] + } + }, + "Ec2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookRole71045ED7": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "autoscaling.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup" + } + ] + } + }, + "Ec2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookRoleDefaultPolicyE499974B": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "sns:Publish", + "Effect": "Allow", + "Resource": { + "Ref": "Ec2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicF7263B30" + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "Ec2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookRoleDefaultPolicyE499974B", + "Roles": [ + { + "Ref": "Ec2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookRole71045ED7" + } + ] + } + }, + "Ec2ClusterDefaultAutoScalingGroupLifecycleHookDrainHook5CB1467E": { + 
"Type": "AWS::AutoScaling::LifecycleHook", + "Properties": { + "AutoScalingGroupName": { + "Ref": "Ec2ClusterDefaultAutoScalingGroupASGC5A6D4C0" + }, + "DefaultResult": "CONTINUE", + "HeartbeatTimeout": 300, + "LifecycleTransition": "autoscaling:EC2_INSTANCE_TERMINATING", + "NotificationTargetARN": { + "Ref": "Ec2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicF7263B30" + }, + "RoleARN": { + "Fn::GetAtt": [ + "Ec2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookRole71045ED7", + "Arn" + ] + } + }, + "DependsOn": [ + "Ec2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookRoleDefaultPolicyE499974B", + "Ec2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookRole71045ED7" + ] + }, + "TaskDefTaskRole1EDB4A67": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "TaskDef54694570": { + "Type": "AWS::ECS::TaskDefinition", + "Properties": { + "ContainerDefinitions": [ + { + "Essential": true, + "Image": { + "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:d87af9b5acc567118fa529d3d3b763098200a6446a5ca64aea987729efd52534" + }, + "Memory": 256, + "Name": "Container" + } + ], + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "TaskDefExecutionRoleB4775C97", + "Arn" + ] + }, + "Family": "awssfntasksecsruntaskreftaskdefinitionTaskDefAAB386BE", + "NetworkMode": "bridge", + "RequiresCompatibilities": [ + "EC2" + ], + "TaskRoleArn": { + "Fn::GetAtt": [ + "TaskDefTaskRole1EDB4A67", + "Arn" + ] + } + } + }, + "TaskDefExecutionRoleB4775C97": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + 
} + }, + "TaskDefExecutionRoleDefaultPolicy0DBB737A": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ecr:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":repository/", + { + "Fn::Sub": "cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + }, + { + "Action": "ecr:GetAuthorizationToken", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "TaskDefExecutionRoleDefaultPolicy0DBB737A", + "Roles": [ + { + "Ref": "TaskDefExecutionRoleB4775C97" + } + ] + } + }, + "StateMachineRoleB840431D": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "states.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "StateMachineRoleDefaultPolicyDF1E6607": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "ecs:RunTask", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + ":", + { + "Ref": "TaskDef54694570" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + ":", + { + "Ref": "TaskDef54694570" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + ":", + { + "Ref": "TaskDef54694570" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 4, + { + "Fn::Split": [ + ":", + { + "Ref": "TaskDef54694570" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "TaskDef54694570" + } + ] + } + ] + } + ] + } + ] + }, + "/", + { 
+ "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "TaskDef54694570" + } + ] + } + ] + } + ] + } + ] + }, + ":*" + ] + ] + } + }, + { + "Action": [ + "ecs:DescribeTasks", + "ecs:StopTask" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "TaskDefExecutionRoleB4775C97", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "TaskDefTaskRole1EDB4A67", + "Arn" + ] + } + ] + }, + { + "Action": [ + "events:DescribeRule", + "events:PutRule", + "events:PutTargets" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventsForECSTaskRule" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "StateMachineRoleDefaultPolicyDF1E6607", + "Roles": [ + { + "Ref": "StateMachineRoleB840431D" + } + ] + } + }, + "StateMachine2E01A3A5": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "DefinitionString": { + "Fn::Join": [ + "", + [ + "{\"StartAt\":\"Start\",\"States\":{\"Start\":{\"Type\":\"Pass\",\"Result\":{\"SomeKey\":\"SomeValue\"},\"Next\":\"Run\"},\"Run\":{\"End\":true,\"Type\":\"Task\",\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", + { + "Fn::GetAtt": [ + "Ec2ClusterEE43E89D", + "Arn" + ] + }, + "\",\"TaskDefinition\":\"awssfntasksecsruntaskreftaskdefinitionTaskDefAAB386BE\",\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"Container\"}]},\"LaunchType\":\"EC2\"}}}}" + ] + ] + }, + "RoleArn": { + "Fn::GetAtt": [ + "StateMachineRoleB840431D", + "Arn" + ] + } + }, + "DependsOn": [ + "StateMachineRoleDefaultPolicyDF1E6607", + "StateMachineRoleB840431D" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + } + }, + "Parameters": { + 
"SsmParameterValueawsserviceecsoptimizedamiamazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id" + }, + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/cdk.out new file mode 100644 index 0000000000000..c6e612584e352 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"38.0.1"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/integ.json new file mode 100644 index 0000000000000..0864fef8f0a95 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/integ.json 
@@ -0,0 +1,12 @@ +{ + "version": "38.0.1", + "testCases": { + "SfnTasksEcsEc2RunTaskTest/DefaultTest": { + "stacks": [ + "aws-sfn-tasks-ecs-run-task-ref-task-definition" + ], + "assertionStack": "SfnTasksEcsEc2RunTaskTest/DefaultTest/DeployAssert", + "assertionStackName": "SfnTasksEcsEc2RunTaskTestDefaultTestDeployAssert2569343D" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/manifest.json new file mode 100644 index 0000000000000..30d933317eb14 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/manifest.json 
@@ -0,0 +1,391 @@ +{ + "version": "38.0.1", + "artifacts": { + "aws-sfn-tasks-ecs-run-task-ref-task-definition.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-sfn-tasks-ecs-run-task-ref-task-definition.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-sfn-tasks-ecs-run-task-ref-task-definition": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-sfn-tasks-ecs-run-task-ref-task-definition.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "notificationArns": [], + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/a04c65eb154cc930d6f8ea8a3d18f4216f96457a1d86647792aa47f6e2cecbe7.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-sfn-tasks-ecs-run-task-ref-task-definition.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-sfn-tasks-ecs-run-task-ref-task-definition.assets" + ], + "metadata": { + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterEE43E89D" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": 
"Ec2ClusterVpc568127F1" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterVpcPublicSubnet1SubnetD46FD92B" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterVpcPublicSubnet1RouteTableE30610F5" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterVpcPublicSubnet1RouteTableAssociation9C78F646" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterVpcPublicSubnet1DefaultRouteC7FBE273" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet1/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterVpcPublicSubnet1EIPD4B5D142" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet1/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterVpcPublicSubnet1NATGateway79A8A839" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterVpcPublicSubnet2Subnet207D9E5E" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterVpcPublicSubnet2RouteTable44A09188" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterVpcPublicSubnet2RouteTableAssociation7615C6B2" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": 
"Ec2ClusterVpcPublicSubnet2DefaultRouteEBA52256" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet2/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterVpcPublicSubnet2EIP921925E6" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet2/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterVpcPublicSubnet2NATGateway302F96C0" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterVpcPrivateSubnet1Subnet0AE9B91E" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterVpcPrivateSubnet1RouteTable50D391D1" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterVpcPrivateSubnet1RouteTableAssociation1043DBDA" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterVpcPrivateSubnet1DefaultRouteD31A76F0" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterVpcPrivateSubnet2Subnet16B68C19" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterVpcPrivateSubnet2RouteTable22B9DAE6" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterVpcPrivateSubnet2RouteTableAssociation3AFD70F4" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": 
"Ec2ClusterVpcPrivateSubnet2DefaultRoute22B3073E" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterVpcIGW605638EB" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/VPCGW": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterVpcVPCGW24F3B413" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/InstanceSecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterDefaultAutoScalingGroupInstanceSecurityGroup149B0A9E" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/InstanceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterDefaultAutoScalingGroupInstanceRole73D80898" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/InstanceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterDefaultAutoScalingGroupInstanceRoleDefaultPolicy6D2DC2FD" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/InstanceProfile": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterDefaultAutoScalingGroupInstanceProfileDB232471" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/LaunchTemplate/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterDefaultAutoScalingGroupLaunchTemplate346F58BE" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/ASG": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterDefaultAutoScalingGroupASGC5A6D4C0" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/DrainECSHook/Function/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterDefaultAutoScalingGroupDrainECSHookFunctionServiceRole23116FA3" + } + ], + 
"/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/DrainECSHook/Function/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterDefaultAutoScalingGroupDrainECSHookFunctionServiceRoleDefaultPolicy638C9E33" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/DrainECSHook/Function/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterDefaultAutoScalingGroupDrainECSHookFunctionE0DEFB31" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/DrainECSHook/Function/AllowInvoke:awssfntasksecsruntaskreftaskdefinitionEc2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopic31C4EDE4": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterDefaultAutoScalingGroupDrainECSHookFunctionAllowInvokeawssfntasksecsruntaskreftaskdefinitionEc2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopic31C4EDE486F3D901" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/DrainECSHook/Function/Topic/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterDefaultAutoScalingGroupDrainECSHookFunctionTopic4795E0F6" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/LifecycleHookDrainHook/Topic/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicF7263B30" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/LifecycleHookDrainHook/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookRole71045ED7" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/LifecycleHookDrainHook/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": 
"Ec2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookRoleDefaultPolicyE499974B" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/LifecycleHookDrainHook/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Ec2ClusterDefaultAutoScalingGroupLifecycleHookDrainHook5CB1467E" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/SsmParameterValue:--aws--service--ecs--optimized-ami--amazon-linux-2--recommended--image_id:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter": [ + { + "type": "aws:cdk:logicalId", + "data": "SsmParameterValueawsserviceecsoptimizedamiamazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/TaskDef/TaskRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TaskDefTaskRole1EDB4A67" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/TaskDef/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TaskDef54694570" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/TaskDef/ExecutionRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TaskDefExecutionRoleB4775C97" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/TaskDef/ExecutionRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TaskDefExecutionRoleDefaultPolicy0DBB737A" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/StateMachine/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "StateMachineRoleB840431D" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/StateMachine/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "StateMachineRoleDefaultPolicyDF1E6607" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/StateMachine/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "StateMachine2E01A3A5" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": 
"BootstrapVersion" + } + ], + "/aws-sfn-tasks-ecs-run-task-ref-task-definition/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-sfn-tasks-ecs-run-task-ref-task-definition" + }, + "SfnTasksEcsEc2RunTaskTestDefaultTestDeployAssert2569343D.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "SfnTasksEcsEc2RunTaskTestDefaultTestDeployAssert2569343D.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "SfnTasksEcsEc2RunTaskTestDefaultTestDeployAssert2569343D": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "SfnTasksEcsEc2RunTaskTestDefaultTestDeployAssert2569343D.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "notificationArns": [], + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "SfnTasksEcsEc2RunTaskTestDefaultTestDeployAssert2569343D.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "SfnTasksEcsEc2RunTaskTestDefaultTestDeployAssert2569343D.assets" + ], + "metadata": { + 
"/SfnTasksEcsEc2RunTaskTest/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/SfnTasksEcsEc2RunTaskTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "SfnTasksEcsEc2RunTaskTest/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/tree.json new file mode 100644 index 0000000000000..3a1cdfcc6ce6d --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.js.snapshot/tree.json 
@@ -0,0 +1,2110 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "aws-sfn-tasks-ecs-run-task-ref-task-definition": { + "id": "aws-sfn-tasks-ecs-run-task-ref-task-definition", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition", + "children": { + "Ec2Cluster": { + "id": "Ec2Cluster", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::Cluster", + "aws:cdk:cloudformation:props": {} + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnCluster", + "version": "0.0.0" + } + }, + "Vpc": { + "id": "Vpc", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "Name", + "value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "PublicSubnet1": { + "id": "PublicSubnet1", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.0.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + 
"value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "Ec2ClusterVpc568127F1" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "Ec2ClusterVpc568127F1" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "Ec2ClusterVpcPublicSubnet1RouteTableE30610F5" + }, + "subnetId": { + "Ref": "Ec2ClusterVpcPublicSubnet1SubnetD46FD92B" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": 
"Ec2ClusterVpcIGW605638EB" + }, + "routeTableId": { + "Ref": "Ec2ClusterVpcPublicSubnet1RouteTableE30610F5" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet1/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet1/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "Ec2ClusterVpcPublicSubnet1EIPD4B5D142", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "Ec2ClusterVpcPublicSubnet1SubnetD46FD92B" + }, + "tags": [ + { + "key": "Name", + "value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PublicSubnet2": { + "id": "PublicSubnet2", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.64.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + 
"key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Ec2ClusterVpc568127F1" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Ec2ClusterVpc568127F1" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "Ec2ClusterVpcPublicSubnet2RouteTable44A09188" + }, + "subnetId": { + "Ref": "Ec2ClusterVpcPublicSubnet2Subnet207D9E5E" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + 
"gatewayId": { + "Ref": "Ec2ClusterVpcIGW605638EB" + }, + "routeTableId": { + "Ref": "Ec2ClusterVpcPublicSubnet2RouteTable44A09188" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet2/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet2/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "Ec2ClusterVpcPublicSubnet2EIP921925E6", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "Ec2ClusterVpcPublicSubnet2Subnet207D9E5E" + }, + "tags": [ + { + "key": "Name", + "value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet1": { + "id": "PrivateSubnet1", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.128.0/18", + 
"mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "Ec2ClusterVpc568127F1" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "Ec2ClusterVpc568127F1" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "Ec2ClusterVpcPrivateSubnet1RouteTable50D391D1" + }, + "subnetId": { + "Ref": "Ec2ClusterVpcPrivateSubnet1Subnet0AE9B91E" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + 
"aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "Ec2ClusterVpcPublicSubnet1NATGateway79A8A839" + }, + "routeTableId": { + "Ref": "Ec2ClusterVpcPrivateSubnet1RouteTable50D391D1" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet2": { + "id": "PrivateSubnet2", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.192.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "Ec2ClusterVpc568127F1" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": 
"Ec2ClusterVpc568127F1" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "Ec2ClusterVpcPrivateSubnet2RouteTable22B9DAE6" + }, + "subnetId": { + "Ref": "Ec2ClusterVpcPrivateSubnet2Subnet16B68C19" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/PrivateSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "Ec2ClusterVpcPublicSubnet2NATGateway302F96C0" + }, + "routeTableId": { + "Ref": "Ec2ClusterVpcPrivateSubnet2RouteTable22B9DAE6" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "IGW": { + "id": "IGW", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" + } + }, + "VPCGW": { + "id": "VPCGW", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/Vpc/VPCGW", + "attributes": { + "aws:cdk:cloudformation:type": 
"AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Ref": "Ec2ClusterVpcIGW605638EB" + }, + "vpcId": { + "Ref": "Ec2ClusterVpc568127F1" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "0.0.0" + } + }, + "DefaultAutoScalingGroup": { + "id": "DefaultAutoScalingGroup", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup", + "children": { + "InstanceSecurityGroup": { + "id": "InstanceSecurityGroup", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/InstanceSecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/InstanceSecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/InstanceSecurityGroup", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "tags": [ + { + "key": "Name", + "value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup" + } + ], + "vpcId": { + "Ref": "Ec2ClusterVpc568127F1" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "InstanceRole": { + "id": "InstanceRole", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/InstanceRole", + "children": { + "ImportInstanceRole": { + "id": "ImportInstanceRole", + "path": 
"aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/InstanceRole/ImportInstanceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/InstanceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "tags": [ + { + "key": "Name", + "value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/InstanceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/InstanceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "ecs:DeregisterContainerInstance", + "ecs:RegisterContainerInstance", + "ecs:Submit*" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "Ec2ClusterEE43E89D", + "Arn" + ] + } + }, + { + "Action": [ + "ecs:Poll", + "ecs:StartTelemetrySession" + ], + "Condition": { + "ArnEquals": { + "ecs:cluster": { + "Fn::GetAtt": [ + "Ec2ClusterEE43E89D", + "Arn" + ] + } + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ecr:GetAuthorizationToken", + "ecs:DiscoverPollEndpoint", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": 
"*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "Ec2ClusterDefaultAutoScalingGroupInstanceRoleDefaultPolicy6D2DC2FD", + "roles": [ + { + "Ref": "Ec2ClusterDefaultAutoScalingGroupInstanceRole73D80898" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "InstanceProfile": { + "id": "InstanceProfile", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/InstanceProfile", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::InstanceProfile", + "aws:cdk:cloudformation:props": { + "roles": [ + { + "Ref": "Ec2ClusterDefaultAutoScalingGroupInstanceRole73D80898" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnInstanceProfile", + "version": "0.0.0" + } + }, + "ImportedInstanceProfile": { + "id": "ImportedInstanceProfile", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/ImportedInstanceProfile", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "LaunchTemplate": { + "id": "LaunchTemplate", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/LaunchTemplate", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/LaunchTemplate/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::LaunchTemplate", + "aws:cdk:cloudformation:props": { + "launchTemplateData": { + "iamInstanceProfile": { + "arn": { + "Fn::GetAtt": [ + "Ec2ClusterDefaultAutoScalingGroupInstanceProfileDB232471", + "Arn" + ] + } + }, + "imageId": { + "Ref": 
"SsmParameterValueawsserviceecsoptimizedamiamazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter" + }, + "instanceType": "t2.micro", + "monitoring": { + "enabled": false + }, + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "Ec2ClusterDefaultAutoScalingGroupInstanceSecurityGroup149B0A9E", + "GroupId" + ] + } + ], + "tagSpecifications": [ + { + "resourceType": "instance", + "tags": [ + { + "key": "Name", + "value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/LaunchTemplate" + } + ] + }, + { + "resourceType": "volume", + "tags": [ + { + "key": "Name", + "value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/LaunchTemplate" + } + ] + } + ], + "userData": { + "Fn::Base64": { + "Fn::Join": [ + "", + [ + "#!/bin/bash\necho ECS_CLUSTER=", + { + "Ref": "Ec2ClusterEE43E89D" + }, + " >> /etc/ecs/ecs.config\nsudo iptables --insert FORWARD 1 --in-interface docker+ --destination 169.254.169.254/32 --jump DROP\nsudo service iptables save\necho ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config" + ] + ] + } + } + }, + "tagSpecifications": [ + { + "resourceType": "launch-template", + "tags": [ + { + "key": "Name", + "value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/LaunchTemplate" + } + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnLaunchTemplate", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.LaunchTemplate", + "version": "0.0.0" + } + }, + "ASG": { + "id": "ASG", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/ASG", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::AutoScaling::AutoScalingGroup", + "aws:cdk:cloudformation:props": { + "launchTemplate": { + "launchTemplateId": { + "Ref": "Ec2ClusterDefaultAutoScalingGroupLaunchTemplate346F58BE" + }, + "version": { + "Fn::GetAtt": [ + 
"Ec2ClusterDefaultAutoScalingGroupLaunchTemplate346F58BE", + "LatestVersionNumber" + ] + } + }, + "maxSize": "1", + "minSize": "1", + "tags": [ + { + "key": "Name", + "value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup", + "propagateAtLaunch": true + } + ], + "vpcZoneIdentifier": [ + { + "Ref": "Ec2ClusterVpcPublicSubnet1SubnetD46FD92B" + }, + { + "Ref": "Ec2ClusterVpcPublicSubnet2Subnet207D9E5E" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_autoscaling.CfnAutoScalingGroup", + "version": "0.0.0" + } + }, + "DrainECSHook": { + "id": "DrainECSHook", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/DrainECSHook", + "children": { + "Function": { + "id": "Function", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/DrainECSHook/Function", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/DrainECSHook/Function/ServiceRole", + "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/DrainECSHook/Function/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/DrainECSHook/Function/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + 
":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ], + "tags": [ + { + "key": "Name", + "value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/DrainECSHook/Function/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/DrainECSHook/Function/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "ec2:DescribeHosts", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstanceStatus", + "ec2:DescribeInstances" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "autoscaling:CompleteLifecycleAction", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":autoscaling:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":autoScalingGroup:*:autoScalingGroupName/", + { + "Ref": "Ec2ClusterDefaultAutoScalingGroupASGC5A6D4C0" + } + ] + ] + } + }, + { + "Action": [ + "ecs:DescribeContainerInstances", + "ecs:DescribeTasks", + "ecs:ListTasks", + "ecs:UpdateContainerInstancesState" + ], + "Condition": { + "ArnEquals": { + "ecs:cluster": { + "Fn::GetAtt": [ + "Ec2ClusterEE43E89D", + "Arn" + ] + } + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ecs:ListContainerInstances", + "ecs:SubmitContainerStateChange", + "ecs:SubmitTaskStateChange" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "Ec2ClusterEE43E89D", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": 
"Ec2ClusterDefaultAutoScalingGroupDrainECSHookFunctionServiceRoleDefaultPolicy638C9E33", + "roles": [ + { + "Ref": "Ec2ClusterDefaultAutoScalingGroupDrainECSHookFunctionServiceRole23116FA3" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/DrainECSHook/Function/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "zipFile": "import boto3, json, os, time\n\necs = boto3.client('ecs')\nautoscaling = boto3.client('autoscaling')\n\n\ndef lambda_handler(event, context):\n print(json.dumps(dict(event, ResponseURL='...')))\n cluster = os.environ['CLUSTER']\n snsTopicArn = event['Records'][0]['Sns']['TopicArn']\n lifecycle_event = json.loads(event['Records'][0]['Sns']['Message'])\n instance_id = lifecycle_event.get('EC2InstanceId')\n if not instance_id:\n print('Got event without EC2InstanceId: %s', json.dumps(dict(event, ResponseURL='...')))\n return\n\n instance_arn = container_instance_arn(cluster, instance_id)\n print('Instance %s has container instance ARN %s' % (lifecycle_event['EC2InstanceId'], instance_arn))\n\n if not instance_arn:\n return\n\n task_arns = container_instance_task_arns(cluster, instance_arn)\n\n if task_arns:\n print('Instance ARN %s has task ARNs %s' % (instance_arn, ', '.join(task_arns)))\n\n while has_tasks(cluster, instance_arn, task_arns):\n time.sleep(10)\n\n try:\n print('Terminating instance %s' % instance_id)\n autoscaling.complete_lifecycle_action(\n LifecycleActionResult='CONTINUE',\n **pick(lifecycle_event, 'LifecycleHookName', 'LifecycleActionToken', 'AutoScalingGroupName'))\n except 
Exception as e:\n # Lifecycle action may have already completed.\n print(str(e))\n\n\ndef container_instance_arn(cluster, instance_id):\n \"\"\"Turn an instance ID into a container instance ARN.\"\"\"\n arns = ecs.list_container_instances(cluster=cluster, filter='ec2InstanceId==' + instance_id)['containerInstanceArns']\n if not arns:\n return None\n return arns[0]\n\ndef container_instance_task_arns(cluster, instance_arn):\n \"\"\"Fetch tasks for a container instance ARN.\"\"\"\n arns = ecs.list_tasks(cluster=cluster, containerInstance=instance_arn)['taskArns']\n return arns\n\ndef has_tasks(cluster, instance_arn, task_arns):\n \"\"\"Return True if the instance is running tasks for the given cluster.\"\"\"\n instances = ecs.describe_container_instances(cluster=cluster, containerInstances=[instance_arn])['containerInstances']\n if not instances:\n return False\n instance = instances[0]\n\n if instance['status'] == 'ACTIVE':\n # Start draining, then try again later\n set_container_instance_to_draining(cluster, instance_arn)\n return True\n\n task_count = None\n\n if task_arns:\n # Fetch details for tasks running on the container instance\n tasks = ecs.describe_tasks(cluster=cluster, tasks=task_arns)['tasks']\n if tasks:\n # Consider any non-stopped tasks as running\n task_count = sum(task['lastStatus'] != 'STOPPED' for task in tasks) + instance['pendingTasksCount']\n\n if not task_count:\n # Fallback to instance task counts if detailed task information is unavailable\n task_count = instance['runningTasksCount'] + instance['pendingTasksCount']\n\n print('Instance %s has %s tasks' % (instance_arn, task_count))\n\n return task_count > 0\n\ndef set_container_instance_to_draining(cluster, instance_arn):\n ecs.update_container_instances_state(\n cluster=cluster,\n containerInstances=[instance_arn], status='DRAINING')\n\n\ndef pick(dct, *keys):\n \"\"\"Pick a subset of a dict.\"\"\"\n return {k: v for k, v in dct.items() if k in keys}\n" + }, + "environment": { + 
"variables": { + "CLUSTER": { + "Ref": "Ec2ClusterEE43E89D" + } + } + }, + "handler": "index.lambda_handler", + "role": { + "Fn::GetAtt": [ + "Ec2ClusterDefaultAutoScalingGroupDrainECSHookFunctionServiceRole23116FA3", + "Arn" + ] + }, + "runtime": "python3.9", + "tags": [ + { + "key": "Name", + "value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup" + } + ], + "timeout": 310 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "0.0.0" + } + }, + "AllowInvoke:awssfntasksecsruntaskreftaskdefinitionEc2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopic31C4EDE4": { + "id": "AllowInvoke:awssfntasksecsruntaskreftaskdefinitionEc2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopic31C4EDE4", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/DrainECSHook/Function/AllowInvoke:awssfntasksecsruntaskreftaskdefinitionEc2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopic31C4EDE4", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Permission", + "aws:cdk:cloudformation:props": { + "action": "lambda:InvokeFunction", + "functionName": { + "Fn::GetAtt": [ + "Ec2ClusterDefaultAutoScalingGroupDrainECSHookFunctionE0DEFB31", + "Arn" + ] + }, + "principal": "sns.amazonaws.com", + "sourceArn": { + "Ref": "Ec2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicF7263B30" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnPermission", + "version": "0.0.0" + } + }, + "Topic": { + "id": "Topic", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/DrainECSHook/Function/Topic", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/DrainECSHook/Function/Topic/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SNS::Subscription", + "aws:cdk:cloudformation:props": { + "endpoint": { 
+ "Fn::GetAtt": [ + "Ec2ClusterDefaultAutoScalingGroupDrainECSHookFunctionE0DEFB31", + "Arn" + ] + }, + "protocol": "lambda", + "topicArn": { + "Ref": "Ec2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicF7263B30" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_sns.CfnSubscription", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_sns.Subscription", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "LifecycleHookDrainHook": { + "id": "LifecycleHookDrainHook", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/LifecycleHookDrainHook", + "children": { + "Topic": { + "id": "Topic", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/LifecycleHookDrainHook/Topic", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/LifecycleHookDrainHook/Topic/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SNS::Topic", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_sns.CfnTopic", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_sns.Topic", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/LifecycleHookDrainHook/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/LifecycleHookDrainHook/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + 
"version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/LifecycleHookDrainHook/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "autoscaling.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "tags": [ + { + "key": "Name", + "value": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/LifecycleHookDrainHook/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/LifecycleHookDrainHook/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "sns:Publish", + "Effect": "Allow", + "Resource": { + "Ref": "Ec2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicF7263B30" + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "Ec2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookRoleDefaultPolicyE499974B", + "roles": [ + { + "Ref": "Ec2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookRole71045ED7" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": 
"aws-sfn-tasks-ecs-run-task-ref-task-definition/Ec2Cluster/DefaultAutoScalingGroup/LifecycleHookDrainHook/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::AutoScaling::LifecycleHook", + "aws:cdk:cloudformation:props": { + "autoScalingGroupName": { + "Ref": "Ec2ClusterDefaultAutoScalingGroupASGC5A6D4C0" + }, + "defaultResult": "CONTINUE", + "heartbeatTimeout": 300, + "lifecycleTransition": "autoscaling:EC2_INSTANCE_TERMINATING", + "notificationTargetArn": { + "Ref": "Ec2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicF7263B30" + }, + "roleArn": { + "Fn::GetAtt": [ + "Ec2ClusterDefaultAutoScalingGroupLifecycleHookDrainHookRole71045ED7", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_autoscaling.CfnLifecycleHook", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_autoscaling.LifecycleHook", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_autoscaling.AutoScalingGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.Cluster", + "version": "0.0.0" + } + }, + "SsmParameterValue:--aws--service--ecs--optimized-ami--amazon-linux-2--recommended--image_id:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter": { + "id": "SsmParameterValue:--aws--service--ecs--optimized-ami--amazon-linux-2--recommended--image_id:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/SsmParameterValue:--aws--service--ecs--optimized-ami--amazon-linux-2--recommended--image_id:C96584B6-F00A-464E-AD19-53AFF4B05118.Parameter", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "SsmParameterValue:--aws--service--ecs--optimized-ami--amazon-linux-2--recommended--image_id:C96584B6-F00A-464E-AD19-53AFF4B05118": { + "id": "SsmParameterValue:--aws--service--ecs--optimized-ami--amazon-linux-2--recommended--image_id:C96584B6-F00A-464E-AD19-53AFF4B05118", + "path": 
"aws-sfn-tasks-ecs-run-task-ref-task-definition/SsmParameterValue:--aws--service--ecs--optimized-ami--amazon-linux-2--recommended--image_id:C96584B6-F00A-464E-AD19-53AFF4B05118", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "TaskDef": { + "id": "TaskDef", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/TaskDef", + "children": { + "TaskRole": { + "id": "TaskRole", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/TaskDef/TaskRole", + "children": { + "ImportTaskRole": { + "id": "ImportTaskRole", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/TaskDef/TaskRole/ImportTaskRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/TaskDef/TaskRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/TaskDef/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::TaskDefinition", + "aws:cdk:cloudformation:props": { + "containerDefinitions": [ + { + "essential": true, + "image": { + "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:d87af9b5acc567118fa529d3d3b763098200a6446a5ca64aea987729efd52534" + }, + "memory": 256, + "name": "Container" + } + ], + "executionRoleArn": { + "Fn::GetAtt": [ + "TaskDefExecutionRoleB4775C97", + "Arn" + ] + }, 
+ "family": "awssfntasksecsruntaskreftaskdefinitionTaskDefAAB386BE", + "networkMode": "bridge", + "requiresCompatibilities": [ + "EC2" + ], + "taskRoleArn": { + "Fn::GetAtt": [ + "TaskDefTaskRole1EDB4A67", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnTaskDefinition", + "version": "0.0.0" + } + }, + "Container": { + "id": "Container", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/TaskDef/Container", + "children": { + "AssetImage": { + "id": "AssetImage", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/TaskDef/Container/AssetImage", + "children": { + "Staging": { + "id": "Staging", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/TaskDef/Container/AssetImage/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Repository": { + "id": "Repository", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/TaskDef/Container/AssetImage/Repository", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecr.RepositoryBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecr_assets.DockerImageAsset", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.ContainerDefinition", + "version": "0.0.0" + } + }, + "ExecutionRole": { + "id": "ExecutionRole", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/TaskDef/ExecutionRole", + "children": { + "ImportExecutionRole": { + "id": "ImportExecutionRole", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/TaskDef/ExecutionRole/ImportExecutionRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/TaskDef/ExecutionRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": 
"Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/TaskDef/ExecutionRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/TaskDef/ExecutionRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ecr:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":repository/", + { + "Fn::Sub": "cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}" + } + ] + ] + } + }, + { + "Action": "ecr:GetAuthorizationToken", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "TaskDefExecutionRoleDefaultPolicy0DBB737A", + "roles": [ + { + "Ref": "TaskDefExecutionRoleB4775C97" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.Ec2TaskDefinition", + "version": "0.0.0" + } + }, + "Start": { + "id": "Start", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/Start", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.Pass", + "version": "0.0.0" + } + }, + "Run": { + "id": "Run", + "path": 
"aws-sfn-tasks-ecs-run-task-ref-task-definition/Run", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.EcsRunTask", + "version": "0.0.0" + } + }, + "StateMachine": { + "id": "StateMachine", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/StateMachine", + "children": { + "Role": { + "id": "Role", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/StateMachine/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/StateMachine/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/StateMachine/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "states.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/StateMachine/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/StateMachine/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "ecs:RunTask", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + ":", + { + "Ref": "TaskDef54694570" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + ":", + { + "Ref": "TaskDef54694570" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + ":", + { + "Ref": 
"TaskDef54694570" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 4, + { + "Fn::Split": [ + ":", + { + "Ref": "TaskDef54694570" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "TaskDef54694570" + } + ] + } + ] + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "TaskDef54694570" + } + ] + } + ] + } + ] + } + ] + }, + ":*" + ] + ] + } + }, + { + "Action": [ + "ecs:DescribeTasks", + "ecs:StopTask" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "TaskDefExecutionRoleB4775C97", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "TaskDefTaskRole1EDB4A67", + "Arn" + ] + } + ] + }, + { + "Action": [ + "events:DescribeRule", + "events:PutRule", + "events:PutTargets" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventsForECSTaskRule" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "StateMachineRoleDefaultPolicyDF1E6607", + "roles": [ + { + "Ref": "StateMachineRoleB840431D" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/StateMachine/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::StepFunctions::StateMachine", + "aws:cdk:cloudformation:props": { + "definitionString": { + "Fn::Join": [ + "", + [ + 
"{\"StartAt\":\"Start\",\"States\":{\"Start\":{\"Type\":\"Pass\",\"Result\":{\"SomeKey\":\"SomeValue\"},\"Next\":\"Run\"},\"Run\":{\"End\":true,\"Type\":\"Task\",\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", + { + "Fn::GetAtt": [ + "Ec2ClusterEE43E89D", + "Arn" + ] + }, + "\",\"TaskDefinition\":\"awssfntasksecsruntaskreftaskdefinitionTaskDefAAB386BE\",\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"Container\"}]},\"LaunchType\":\"EC2\"}}}}" + ] + ] + }, + "roleArn": { + "Fn::GetAtt": [ + "StateMachineRoleB840431D", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.CfnStateMachine", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.StateMachine", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-sfn-tasks-ecs-run-task-ref-task-definition/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "SfnTasksEcsEc2RunTaskTest": { + "id": "SfnTasksEcsEc2RunTaskTest", + "path": "SfnTasksEcsEc2RunTaskTest", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "SfnTasksEcsEc2RunTaskTest/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "SfnTasksEcsEc2RunTaskTest/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "SfnTasksEcsEc2RunTaskTest/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": 
"SfnTasksEcsEc2RunTaskTest/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "SfnTasksEcsEc2RunTaskTest/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.ts new file mode 100644 index 0000000000000..c0c0fddf5ed3d --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task-ref-definition.ts 
@@ -0,0 +1,53 @@
+import * as path from 'path';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as ecs from 'aws-cdk-lib/aws-ecs';
+import * as sfn from 'aws-cdk-lib/aws-stepfunctions';
+import * as cdk from 'aws-cdk-lib';
+import * as tasks from 'aws-cdk-lib/aws-stepfunctions-tasks';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import { EC2_RESTRICT_DEFAULT_SECURITY_GROUP, STEPFUNCTIONS_TASKS_FIX_RUN_ECS_TASK_POLICY } from 'aws-cdk-lib/cx-api';
+
+const app = new cdk.App();
+const stack = new cdk.Stack(app, 'aws-sfn-tasks-ecs-run-task-ref-task-definition');
+stack.node.setContext(EC2_RESTRICT_DEFAULT_SECURITY_GROUP, false);
+stack.node.setContext(STEPFUNCTIONS_TASKS_FIX_RUN_ECS_TASK_POLICY, false);
+
+const cluster = new ecs.Cluster(stack, 'Ec2Cluster');
+cluster.addCapacity('DefaultAutoScalingGroup', {
+ instanceType: new ec2.InstanceType('t2.micro'),
+ vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC },
+});
+
+// Build task definition
+const taskDefinition = new ecs.Ec2TaskDefinition(stack, 'TaskDef');
+const containerDefinition = taskDefinition.addContainer('Container', {
+ image: ecs.ContainerImage.fromAsset(path.resolve(__dirname, 'eventhandler-image')),
+ memoryLimitMiB: 256,
+});
+
+// Build state machine
+const definition = new sfn.Pass(stack, 'Start', {
+ result: sfn.Result.fromObject({ SomeKey: 'SomeValue' }),
+}).next(
+ new tasks.EcsRunTask(stack, 'Run', {
+ integrationPattern: sfn.IntegrationPattern.RUN_JOB,
+ cluster,
+ taskDefinition,
+ containerOverrides: [
+ {
+ containerDefinition,
+ },
+ ],
+ launchTarget: new tasks.EcsEc2LaunchTarget(),
+ }),
+);
+
+new sfn.StateMachine(stack, 'StateMachine', {
+ definition,
+});
+
+new IntegTest(app, 'SfnTasksEcsEc2RunTaskTest', {
+ testCases: [stack],
+});
+
+app.synth();
From 44f4165b05eb21a932f32c13a59dc501e00380ad Mon Sep 17 00:00:00 2001
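Review bot: The new integ test pins `STEPFUNCTIONS_TASKS_FIX_RUN_ECS_TASK_POLICY` to `false`, so the only policy it snapshots is the one generated with the fix switched off. The accompanying tree.json shows that state-machine role granting `ecs:RunTask` on the task-definition family with a trailing `:*`. No stack in this file synthesizes with the flag on, so the IAM statement that flag is meant to produce is not covered by a deployed snapshot here. Consider adding a second stack to the same app with `stack.node.setContext(STEPFUNCTIONS_TASKS_FIX_RUN_ECS_TASK_POLICY, true);` and listing it in `testCases`, so that a later regression in the resource scope shows up as a snapshot diff.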
From: Xia Zhao Date: Fri, 18 Oct 2024 10:52:37 -0700 Subject: [PATCH 3/3] Removing extra check --- .../aws-stepfunctions-tasks/lib/ecs/run-task.ts | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/ecs/run-task.ts b/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/ecs/run-task.ts index 9c07a6d8a11e6..847c2f7dd1839 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/ecs/run-task.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/ecs/run-task.ts @@ -400,16 +400,7 @@ export class EcsRunTask extends sfn.TaskStateBase implements ec2.IConnectable { } private getTaskDefinitionArn(): string { - const tastDefinitionArn = this.props.taskDefinition.taskDefinitionArn; - let needsRevisionWildcard = false; - // Check if there is a taskdefinition revision - // (arn will end with : followed by digits) included in the arn already - if (!cdk.Token.isUnresolved(tastDefinitionArn)) { - const revisionAtEndPattern = /:[0-9]+$/; - const hasRevision = revisionAtEndPattern.test(tastDefinitionArn); - needsRevisionWildcard = !hasRevision; - } - return tastDefinitionArn + needsRevisionWildcard ? ':*' : ''; + return this.props.taskDefinition.taskDefinitionArn; } /**
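Review bot: `getTaskDefinitionArn()` now returns `taskDefinitionArn` unchanged, so the input the removed branch was written for, a concrete ARN with no trailing `:<revision>`, is no longer treated specially in this method. The callers that build the `ecs:RunTask` statement are outside this hunk, so it cannot be confirmed from here whether the resulting resource is still scoped as intended for that input. A unit test asserting the policy resource for a task definition whose ARN has no revision would pin the behaviour. The method also deserves a short doc comment stating the contract, for example `/** Task definition ARN exactly as supplied; may be a token and may or may not carry a revision. */`.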